Adding or editing an asset profile

Before you can do a CIS benchmark scan, you must add the network assets that you intend to scan to IBM® QRadar®. Asset profiles are automatically discovered and added; however, you might be required to manually add a profile.

About this task

You can enter information on each asset manually by creating an Asset Profile on the Assets tab. Alternatively, you can configure a scan profile on the Vulnerabilities tab to run a discovery scan. The discovery scan allows QRadar® to identify key asset characteristics such as operating system, device type, and services.

When assets are discovered by using the Server Discovery option, some asset profile details are automatically populated. You can manually add information to the asset profile and you can edit certain parameters.

You can edit only the parameters that were manually entered. Parameters that were system-generated are displayed in italics and are not editable. You can delete system-generated parameters, if needed.

Procedure

  1. Click the Assets tab.
  2. On the navigation menu, click Asset Profiles.
  3. Choose one of the following options:
    Option Description
    Add Asset To add an asset, click Add Asset and type the IP address or CIDR range of the asset in the New IP Address field.
    Edit Asset Double click the asset that you want to view and click Edit Asset.
  4. Configure the parameters in the MAC & IP Address pane. Configure one or more of the following options:
    Important: When you edit an existing asset, the asset must have a MAC address before you can add an IP address.
    Parameter Description
    New MAC Address Type a MAC address in the dialog box.
    New IP Address Type an IP address in the dialog box.
    Unknown NIC If this parameter is listed, you can select this item, click the Edit icon, and type a new MAC address in the dialog box.
    Edit Select a MAC or IP address from the list, click the Edit icon, and type a new MAC address in the dialog box.
    Remove Select a MAC or IP address from the list and click the Remove icon.
  5. Configure the parameters in the Names & Description pane. Configure one or more of the following options:
    Parameter Description
    DNS

    Choose one of the following options:

    Type a DNS name and click Add.

    Select a DNS name from the list and click Edit.

    Select a DNS name from the list and click Remove.
    NetBIOS

    Choose one of the following options:

    Type a NetBIOS name and click Add.

    Select a NetBIOS name from the list and click Edit.

    Select a NetBIOS name from the list and click Remove.
    Given Name Type a name for this asset profile.
    Location Type a location for this asset profile.
    Description Type a description for the asset profile.
    Wireless AP Type the wireless Access Point (AP) for this asset profile.
    Wireless SSID Type the wireless Service Set Identifier (SSID) for this asset profile.
    Switch ID Type the switch ID for this asset profile.
    Switch Port ID Type the switch port ID for this asset profile.
  6. Configure the parameters in the Operating System pane:
    1. From the Vendor list box, select an operating system vendor.
    2. From the Product list box, select the operating system for the asset profile.
    3. From the Version list box, select the version for the selected operating system.
    4. Click the Add icon.
    5. From the Override list box, select one of the following options:
      • Until Next Scan - Select this option to specify that the scanner provides operating system information and the information can be temporarily edited. If you edit the operating system parameters, the scanner restores the information at its next scan.
      • Forever - Select this option to specify that you want to manually enter operating system information and disable the scanner from updating the information.
    6. Select an operating system from the list.
    7. Select an operating system and click the Toggle Override icon.
  7. Configure the parameters in the CVSS & Weight pane. Configure one or more of the following options:
    Parameter Description
    Collateral Damage Potential

    Configure this parameter to indicate the potential for loss of life or physical assets through damage or theft of this asset. You can also use this parameter to indicate potential for economic loss of productivity or revenue. Increased collateral damage potential increases the calculated value in the CVSS Score parameter.

    From the Collateral Damage Potential list box, select one of the following options:

    • None
    • Low
    • Low-medium
    • Medium-high
    • High
    • Not defined

    When you configure the Collateral Damage Potential parameter, the Weight parameter is automatically updated.
    Confidentiality Requirement

    Configure this parameter to indicate the impact on confidentiality of a successfully exploited vulnerability on this asset. Increased confidentiality impact increases the calculated value in the CVSS Score parameter.

    From the Confidentiality Requirement list box, select one of the following options:

    • Low
    • Medium
    • High
    • Not defined
    Availability Requirement

    Configure this parameter to indicate the impact to the asset's availability when a vulnerability is successfully exploited. Attacks that consume network bandwidth, processor cycles, or disk space impact the availability of an asset. Increased availability impact increases the calculated value in the CVSS Score parameter.

    From the Availability Requirement list box, select one of the following options:

    • Low
    • Medium
    • High
    • Not defined
    Integrity Requirement

    Configure this parameter to indicate the impact to the asset's integrity when a vulnerability is successfully exploited. Integrity refers to the trustworthiness and guaranteed veracity of information. Increased integrity impact increases the calculated value in the CVSS Score parameter.

    From the Integrity Requirement list box, select one of the following options:

    • Low
    • Medium
    • High
    • Not defined
    Weight

    From the Weight list box, select a weight for this asset profile. The range is 0 - 10.

    When you configure the Weight parameter, the Collateral Damage Potential parameter is automatically updated.
  8. Configure the parameters in the Owner pane. Choose one or more of the following options:
    Parameter Description
    Business Owner Type the name of the business owner of the asset. An example of a business owner is a department manager. The maximum length is 255 characters.
    Business Owner Contact Type the contact information for the business owner. The maximum length is 255 characters.
    Technical Owner Type the technical owner of the asset. An example of a business owner is the IT manager or director. The maximum length is 255 characters.
    Technical Owner Contact Type the contact information for the technical owner. The maximum length is 255 characters.
    Technical User

    From the list box, select the username that you want to associate with this asset profile.

    You can also use this parameter to enable automatic vulnerability remediation for QRadar Vulnerability Manager. For more information about automatic remediation, see the IBM Security QRadar Vulnerability Manager User Guide.
  9. Click Save.

What to do next

Configuring a credential set